A New Botnet Finds Flaws to Attack Devices on the Network

Security vulnerabilities are present in all types of devices and systems. They can seriously compromise our computers, especially those that are connected to the network. A new botnet takes advantage of precisely these security flaws to attack devices on the network. To do so, its operators use public exploits, which shows once again the importance of always keeping our systems properly updated.

A new botnet attacks vulnerable network devices

Hackers typically set their sights on devices that many people use and, especially, on those where they can find vulnerabilities. Many flaws can affect systems and compromise our privacy on the network.

The new botnet is a variant of the Mirai botnet. A group of Palo Alto Networks security researchers discovered attacks by this botnet a few weeks ago and began tracking its activity. The botnet operator took about a month to integrate exploits for ten vulnerabilities, many of them critical, for various purposes.

Among these vulnerabilities is VisualDoor, the exploit for a remote command injection vulnerability in SonicWall SSL-VPN devices that the manufacturer claims was fixed years ago. More recent exploits are also leveraged in these attacks, such as the one for CVE-2021-22502, a remote code execution bug in Vertica’s Micro Focus Operation Bridge Reporter (OBR) product.

OBR uses Big Data technology to create performance reports based on data from other business software. Two other critical-severity vulnerabilities exploited in attacks by the operator of this Mirai-based botnet are CVE-2021-27561 and CVE-2021-27562, which affect Yealink Device Management.

Two independent security researchers, Pierre Kim and Alexandre Torres, reported these flaws through the SSD Secure Disclosure program.

Palo Alto Networks researchers indicate that three of the vulnerabilities exploited by the attackers have yet to be identified, as the targets remain unknown. Their technical report has all the information on the different vulnerabilities.

As we have indicated, four of these vulnerabilities have been classified as critical, one as high severity, and three have not yet been identified. All of these flaws could lead to brute force attacks or the spread of malware.

Figure: Steps in a botnet attack

How to protect computers and avoid security problems

It is very important to fix any vulnerability that appears in our systems. In this case, the security flaws let in threats that turn our devices on the network into part of a botnet. This one is a variant of the Mirai botnet, but the advice applies at all times. There are even vulnerability scanners that can help.

Correcting security flaws and keeping systems updated and patched is essential. We must keep ourselves safe from this type of problem at all times, and in doing so also preserve our privacy when browsing the Internet or using any device connected to the network.

It is equally important to always have security software. A good antivirus can prevent the entry of threats in the form of malware that can damage systems. But you also have to use common sense and avoid making mistakes.